ALT-PU-2022-7793-1

Package update 7-zip in branch sisyphus

Version22.01-alt1

Published2022-09-07

Max severityHIGH

Severity:

Closed issues (4)

HIGH8.4

Уязвимость библиотеки 7z.dll файлового архиватора 7-Zip, позволяющая нарушителю повысить свои привилегии

Published: 2022-04-18Modified: 2025-10-14

CVSS 3.xHIGH 8.4

CVSS:3.x/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2022-29072

HIGH8.8

Уязвимость компонента анализатора 7z-файлов архиватора 7-Zip, позволяющая нарушителю выполнить произвольный код

Published: 2023-08-28Modified: 2024-04-05

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

HIGH7.8

7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur

Published: 2022-04-15Modified: 2025-06-09

CVSS 2.0HIGH 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

HIGH7.8

Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.

Published: 2023-11-03Modified: 2024-11-21

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References